CVE-2016-3923 Information
Feb 14, 2021
cve
Description
The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application aka internal bug 30647115.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Reference
http://source.android.com/security/bulletin/2016-10-01.html http://www.securityfocus.com/bid/93310 https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
5.5
Share on: